CVE-2025-68340

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel related to the team device driver. Specifically, the issue arises when adding a port device that is already in an 'up' state. This can lead to modification of the team device header operations before the addition fails, potentially resulting in the private data of the device pointing to incorrect data structures. The sequence of commands involving 'ip link' can reproduce this issue. The resolution involves moving the team device type check change to the end of the team port add function to prevent irreversible type changes if subsequent checks fail, and preserving the original MTU assignment.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

AZL-78404

CVE-2025-68340

ECHO-1478-E990-D315

OPENSUSE-SU-2026:20145-1

SUSE-SU-2026:0278-1

SUSE-SU-2026:0281-1

SUSE-SU-2026:0315-1

SUSE-SU-2026:0316-1

SUSE-SU-2026:20207-1

SUSE-SU-2026:20220-1

SUSE-SU-2026:20228-1

SUSE-SU-2026:20477-1

SUSE-SU-2026:20498-1

SUSE-SU-2026:20845-1

SUSE-SU-2026:20876-1

USN-8094-1

USN-8094-2

USN-8094-3

USN-8094-4

USN-8094-5

USN-8095-1

USN-8095-2

USN-8095-3

USN-8095-4

USN-8095-5

USN-8100-1

USN-8125-1

USN-8126-1

USN-8152-1

USN-8162-1

USN-8165-1

USN-8180-1

USN-8180-2

USN-8180-3

USN-8180-4

USN-8180-5

USN-8180-6

USN-8186-1

USN-8187-1

USN-8188-1

USN-8243-1

USN-8261-1

USN-8275-1

Affected Products

Debian

Linuxmint

Linux Kernel

Ubuntu

CVE-2025-68340

Related Identifiers

Affected Products

References · 3334